
Cyber Intelligence Daily -- May 10, 2026

CYBER INTELLIGENCE DAILY BRIEF — 10 MAY 2026

TLP:WHITE | 0600 UTC | Coverage Window: 08–10 May 2026


Bottom Line

Three CISA KEV additions in the past five days, anchored by an actively exploited BerriAI LiteLLM SQL injection, are the operational priority for federal and enterprise defenders. An out-of-band ASP.NET Core Data Protection fix that is incomplete without key-ring rotation, together with the unresolved Palo Alto PAN-OS zero-day (CVE-2026-0300, no patch available), defines the residual attack surface heading into the 12 May Patch Tuesday cycle. The ShinyHunters extortion campaign against Instructure Canvas is live, with a 12 May attacker-stated leak deadline.

Key open question: Whether ShinyHunters executes the 12 May Instructure data dump or negotiations extend — the outcome determines whether institutions face an imminent secondary phishing wave keyed to authentic Canvas message content.


Key Judgments

KJ-1. CVE-2026-42208 (BerriAI LiteLLM) is being exploited in the wild to extract AI proxy database contents including virtual API keys and upstream provider credentials. (Moderate confidence — exploitation timing and IOCs sourced to a single vendor research team; see Confidence Note.)

KJ-2. CVE-2026-6973 (Ivanti EPMM) is being exploited as a zero-day against a self-reported "very limited number" of customers per Ivanti's own advisory; CISA has added it to the KEV catalog. (High confidence — CISA KEV primary record; Ivanti vendor advisory. FCEB remediation deadline: consult your agency's CISA BOD 22-01 tracking — the KEV catalog entry currently lists no due date; agencies should apply the standard 14-day BOD 22-01 calculation from the 7 May addition date, yielding 21 May 2026 absent a specific override.)

KJ-3. CVE-2026-0300 (Palo Alto PAN-OS User-ID Authentication Portal, out-of-bounds write) permits unauthenticated code execution on PA-Series and VM-Series firewalls and currently has no vendor patch — only configuration-based mitigation. (High confidence — CISA KEV primary record; Palo Alto Networks advisory. Exploitation telemetry beyond the KEV listing itself has not been independently corroborated in this brief's collection window.)

KJ-4. Microsoft's out-of-band ASP.NET Core Data Protection update requires not only package upgrade but also key-ring rotation; tokens forged during the vulnerable window remain valid after patching alone. (Moderate confidence — sourced to Microsoft vendor guidance; CVE does not appear in the pre-gathered intelligence sweep and is carried forward on the basis of vendor advisory reporting only.)

KJ-5. The ShinyHunters extortion of Instructure Canvas is confirmed by the victim organization, with a 12 May 2026 attacker-stated leak deadline; the attacker-claimed scale of 275 million records across 8,809 institutions is not independently verified. (Moderate confidence — victim CISO disclosure is primary; ShinyHunters attribution is attacker self-claim corroborated by Mandiant TTP pattern-matching, not independent forensic attribution.)

KJ-6. A cluster of five GeoVision physical security CVEs published 4 May 2026, including CVE-2026-42369 (CVSS 10.0), remains unpatched with no vendor remediation timeline. (High confidence for the vulnerability records themselves, which are NIST NVD primary records; the no-patch status is inferred from the absence of any vendor advisory and has not been confirmed by GeoVision.)

Assessment area                   | Finding                                                                        | Confidence
----------------------------------+--------------------------------------------------------------------------------+--------------------------
KEV exploitation status           | CVE-2026-42208, CVE-2026-6973 and CVE-2026-0300 confirmed exploited            | High (KEV primary record)
Patch availability                | LiteLLM and EPMM patched; PAN-OS mitigation-only                               | High
Instructure breach occurrence     | Victim CISO confirmed                                                          | High
Instructure breach scope          | 275M record / 8,809 institution figures are attacker-claimed, not verified     | Low
ShinyHunters attribution          | Attacker self-claim + Mandiant TTP pattern; not forensically attributed        | Moderate
Attribution (PAN-OS, EPMM)        | No public attribution to a named actor                                         | Low
Ransom outcome (12 May deadline)  | Leak vs. payment unknown                                                       | Unverified

CISA added three vulnerabilities to the Known Exploited Vulnerabilities catalog between 6 and 8 May 2026. The BerriAI LiteLLM SQL injection (CVE-2026-42208) was reportedly exploited within hours of disclosure, marking one of the earliest KEV entries targeting dedicated AI gateway infrastructure rather than general-purpose enterprise software (analytical inference — no comparative baseline catalog survey has been conducted in this collection window; treat as preliminary observation pending verification). The Palo Alto PAN-OS zero-day (CVE-2026-0300) has no patch available; only zone-restriction mitigation is offered. Microsoft separately issued an out-of-band ASP.NET Core fix that requires post-patch key rotation to fully remediate. The active ShinyHunters extortion of Instructure Canvas enters its final 48 hours before the attacker's stated 12 May leak deadline.


Story 1 — Three KEV Additions, FCEB Remediation Required [ACTIONABLE]

CVE-2026-42208 — BerriAI LiteLLM SQL Injection (Added 8 May 2026)

CISA added CVE-2026-42208 to the KEV catalog on 8 May 2026. The vulnerability is a pre-authentication SQL injection in BerriAI's LiteLLM AI proxy, affecting versions ≥1.81.16 and <1.83.7, fixed in 1.83.7 per GitHub advisory GHSA-r75f-5x8p-qvmc. The flaw is reachable via a crafted Authorization header to LLM API routes including POST /chat/completions, allowing an unauthenticated attacker to read and modify the proxy database — including virtual API keys, upstream provider credentials, and configuration variables.

FCEB remediation deadline: The KEV catalog entry for CVE-2026-42208 currently lists no specific due date. Federal agencies should apply the standard BOD 22-01 14-day calculation from the 8 May addition date, yielding 22 May 2026 absent a CISA-issued override. Verify against the live KEV catalog entry before operationalizing this date.

Reported exploitation: Sysdig Threat Research Team reported first observed exploitation roughly 36 hours after the advisory entered the GitHub Advisory Database, with attacker source IPs 65.111.27.132 and 65.111.25.67 issuing requests with the user agent Python/3.12 aiohttp/3.9.1 and targeting LiteLLM key tables. (Single source: Sysdig TRT vendor research blog. The stated precision of "36 hours and 7 minutes" and the named IPs are unverified against independent telemetry, so the IOCs should be treated as single-source pending corroboration. No victim count, sector, or geography beyond these two IPs has been published in this collection window. The attribution of the research to a Sysdig researcher named "Michael Clark" appears in secondary reporting but could not be confirmed against primary Sysdig publication records available to this brief.)

Action — Defenders:

  1. Upgrade LiteLLM to 1.83.7 immediately.
  2. If immediate upgrade is impossible, set disable_error_logs: true under general_settings (vendor-recommended interim mitigation per BerriAI advisory).
  3. Rotate all LiteLLM virtual keys, master keys, and upstream provider credentials regardless of patch status — assume compromise if the proxy was internet-reachable.
  4. Hunt for injection attempts in the Authorization header: quote characters, SQL comment sequences (--, /*) and UNION SELECT inside the bearer value, which should otherwise be an opaque sk- key (e.g. Authorization: Bearer sk-litellm' ... followed by SQL). Standard reverse-proxy access logs do not record the Authorization header, so enable header capture at the proxy or use application-level request logging; without one of these the hunt has no data.
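The version check and the header hunt from the list above, carried out in one script. This is an added example for this brief and is not BerriAI or Sysdig code; it assumes the affected range >=1.81.16,<1.83.7 quoted from GHSA-r75f-5x8p-qvmc, JSON-lines logs that include an "authorization" field (which ordinary access logs omit unless header capture is enabled), and it carries the two Sysdig IOC IPs as a single-source watchlist. The sample log lines and the table name in the injected SQL are constructed.

```python
"""Triage helpers for CVE-2026-42208 (LiteLLM pre-auth SQL injection).

Added example, not BerriAI or Sysdig code. Assumptions: affected range is
>=1.81.16,<1.83.7 (GHSA-r75f-5x8p-qvmc as quoted in the brief); logs are JSON
lines with an "authorization" field; the IOC IPs are single-source (Sysdig).
"""
import json
import re
from typing import Iterable

AFFECTED_MIN = (1, 81, 16)   # first affected version (inclusive)
FIXED = (1, 83, 7)           # first fixed version

# Single-source IOCs from the Sysdig TRT report cited in the brief.
IOC_IPS = {"65.111.27.132", "65.111.25.67"}

# A legitimate LiteLLM virtual key is an opaque "sk-" token; anything outside
# this character set in the bearer value is not a key and deserves a look.
VALID_KEY = re.compile(r"^sk-[A-Za-z0-9_\-]+$")

SQLI_MARKERS = {
    "quote": re.compile(r"'"),
    "union_select": re.compile(r"union\s+(all\s+)?select", re.I),
    "comment": re.compile(r"--|/\*|#"),
    "stacked": re.compile(r";\s*(select|update|insert|delete|drop)\b", re.I),
    "sleep": re.compile(r"\b(pg_sleep|sleep|waitfor)\b", re.I),
}


def parse_version(text: str) -> tuple:
    """'v1.83.7-stable' -> (1, 83, 7): keep the leading numeric components."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(version: str) -> bool:
    """True when the installed LiteLLM version falls in the advisory range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def bearer_token(header: str) -> str:
    scheme, _, value = header.strip().partition(" ")
    return value.strip() if scheme.lower() == "bearer" else header.strip()


def injection_indicators(authorization: str) -> list:
    """Names of SQLi markers found in a bearer value that is not a clean key."""
    token = bearer_token(authorization)
    if VALID_KEY.match(token):
        return []
    hits = [name for name, rx in SQLI_MARKERS.items() if rx.search(token)]
    return hits or ["malformed_key"]


def hunt(lines: Iterable[str]) -> list:
    """Return one finding per request with a suspicious header or an IOC source IP."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        auth = rec.get("authorization", "")
        hits = injection_indicators(auth) if auth else []
        ioc = rec.get("src_ip") in IOC_IPS
        if hits or ioc:
            findings.append({"ts": rec.get("ts"), "src_ip": rec.get("src_ip"),
                             "path": rec.get("path"), "indicators": hits,
                             "ioc_ip_match": ioc})
    return findings


# Constructed sample log lines (not real telemetry); the injected SQL and its
# table name are made up to mimic the crafted-header pattern the brief describes.
SAMPLE_LOG = """
{"ts":"2026-05-06T01:14:09Z","src_ip":"203.0.113.10","method":"POST","path":"/chat/completions","authorization":"Bearer sk-aBcD1234efGH","status":200}
{"ts":"2026-05-06T01:15:31Z","src_ip":"65.111.27.132","method":"POST","path":"/chat/completions","user_agent":"Python/3.12 aiohttp/3.9.1","authorization":"Bearer sk-' UNION SELECT token FROM keys--","status":200}
{"ts":"2026-05-06T01:16:02Z","src_ip":"198.51.100.7","method":"POST","path":"/chat/completions","authorization":"Bearer sk-x' AND 1=1; SELECT pg_sleep(5)--","status":500}
{"ts":"2026-05-06T01:17:45Z","src_ip":"65.111.25.67","method":"GET","path":"/models","authorization":"Bearer sk-validLooking99","status":401}
"""

if __name__ == "__main__":
    for v in ("1.81.15", "1.81.16", "1.83.6", "1.83.7"):
        print(v, "affected" if is_affected(v) else "not affected")
    for finding in hunt(SAMPLE_LOG.splitlines()):
        print(finding)
```

The IOC match is reported separately from the header indicators so that a clean-looking request from a watchlisted IP (the last sample line) still surfaces, and a suspicious header from an unlisted IP is not missed because the IOC list is single-source.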

CVE-2026-6973 — Ivanti EPMM Improper Input Validation (Added 7 May 2026)

Ivanti confirmed CVE-2026-6973 was exploited as a zero-day against a "very limited number of customers" per the vendor's own advisory. The vulnerability is an improper input validation flaw in on-premises Ivanti Endpoint Manager Mobile (EPMM) instances. Cloud-based Ivanti Neurons for MDM is not affected.

FCEB remediation deadline: The KEV catalog entry currently lists no specific due date. Applying the standard BOD 22-01 14-day calculation from the 7 May addition date yields 21 May 2026 absent a CISA-issued override. Verify against the live KEV catalog entry.

Shadowserver Foundation reported over 800 internet-exposed Ivanti EPMM instances as of approximately 7 May 2026 (Shadowserver Foundation internet-exposure scan telemetry; the specific dashboard URL was not available in this collection window; verify at shadowserver.org/statistics). No public attribution has been issued for this campaign. Prior EPMM zero-day campaigns in 2023 and May 2025 (CVE-2025-4427/4428) included activity attributed by Mandiant to Chinese state-sponsored clusters; that attribution must not be transferred to the current campaign without independent evidence, as doing so would be an analytical leap. The claim that prior campaigns reached "dozens of victims" before vendor disclosure is drawn from Mandiant's published retrospective reporting on the 2023 EPMM campaign and is not independently verified for the current incident.

Action — Defenders:

  1. Upgrade on-premises EPMM to 12.6.1.1, 12.7.0.1, or 12.8.0.1 per Ivanti advisory.
  2. Audit and rotate all EPMM administrative credentials.
  3. Review authentication logs for unusual administrative session origins; remove unused admin accounts.
  4. No reliable atomic IOCs are currently published for this CVE — behavioral hunting on EPMM admin activity is required.
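Because no atomic IOCs exist for CVE-2026-6973, step 3 and step 4 above come down to comparing admin logins in the exposure window against each account's own history. The script below is an added example for this brief, not Ivanti code and not a parser for EPMM's real log format; it assumes authentication events have already been normalised to JSON lines (timestamp, user, source IP, result), and the baseline cutoff date and approved-admin list are placeholders to replace with local values. The sample events are constructed.

```python
"""Behavioural hunt over EPMM-style administrative authentication events.

Added example, not Ivanti code: EPMM's real log format is not reproduced, so
events are constructed JSON lines with the fields a SIEM would normalise.
BASELINE_END and EXPECTED_ADMINS are assumptions to replace with local values.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Assumed: successful admin sessions before this date are trusted history;
# everything after it is the exposure window the hunt examines.
BASELINE_END = datetime(2026, 5, 1, tzinfo=timezone.utc)
# Assumed: the accounts that are supposed to hold EPMM admin rights.
EXPECTED_ADMINS = {"mdmadmin", "ops-jsmith"}


def parse_events(lines):
    """Parse JSON lines into events sorted by time; blank lines are skipped."""
    events = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def baseline_sources(events):
    """Source IPs each account logged in from successfully before BASELINE_END."""
    seen = defaultdict(set)
    for e in events:
        if e["ts"] < BASELINE_END and e["result"] == "success":
            seen[e["user"]].add(e["src_ip"])
    return seen


def hunt_admin_sessions(lines, failure_burst=5, burst_window_s=600):
    """Flag successful logins in the exposure window that come from a source
    never seen for that account, use an account outside the expected admin
    set, or follow a burst of failures (guessing, then a working credential)."""
    events = parse_events(lines)
    known = baseline_sources(events)
    recent_failures = defaultdict(list)
    findings = []
    for e in events:
        if e["ts"] < BASELINE_END:
            continue
        user, ip = e["user"], e["src_ip"]
        if e["result"] != "success":
            recent_failures[user].append(e["ts"])
            continue
        reasons = []
        if user not in EXPECTED_ADMINS:
            reasons.append("unexpected_admin_account")
        if ip not in known.get(user, set()):
            reasons.append("new_source_ip")
        burst = [t for t in recent_failures[user]
                 if (e["ts"] - t).total_seconds() <= burst_window_s]
        if len(burst) >= failure_burst:
            reasons.append(f"success_after_{len(burst)}_failures")
        recent_failures[user] = []
        if reasons:
            findings.append({"ts": e["ts"].isoformat(), "user": user,
                             "src_ip": ip, "reasons": reasons})
    return findings


# Constructed sample events (not real telemetry). April entries form the
# baseline; May entries fall inside the exposure window.
SAMPLE_EVENTS = """
{"ts":"2026-04-10T08:02:11Z","user":"mdmadmin","src_ip":"10.20.0.5","result":"success"}
{"ts":"2026-04-18T09:15:40Z","user":"mdmadmin","src_ip":"10.20.0.5","result":"success"}
{"ts":"2026-04-22T14:40:03Z","user":"ops-jsmith","src_ip":"10.20.0.9","result":"success"}
{"ts":"2026-05-06T07:58:12Z","user":"mdmadmin","src_ip":"10.20.0.5","result":"success"}
{"ts":"2026-05-06T23:41:50Z","user":"mdmadmin","src_ip":"203.0.113.44","result":"success"}
{"ts":"2026-05-07T02:10:01Z","user":"ops-jsmith","src_ip":"198.51.100.23","result":"failure"}
{"ts":"2026-05-07T02:10:05Z","user":"ops-jsmith","src_ip":"198.51.100.23","result":"failure"}
{"ts":"2026-05-07T02:10:09Z","user":"ops-jsmith","src_ip":"198.51.100.23","result":"failure"}
{"ts":"2026-05-07T02:10:14Z","user":"ops-jsmith","src_ip":"198.51.100.23","result":"failure"}
{"ts":"2026-05-07T02:10:20Z","user":"ops-jsmith","src_ip":"198.51.100.23","result":"failure"}
{"ts":"2026-05-07T02:10:31Z","user":"ops-jsmith","src_ip":"198.51.100.23","result":"success"}
{"ts":"2026-05-07T03:05:00Z","user":"svc-backup","src_ip":"10.20.0.5","result":"success"}
"""

if __name__ == "__main__":
    for finding in hunt_admin_sessions(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

A new source IP for an account is the weakest of the three signals on its own (VPN pools and travel produce them), which is why the output keeps every reason per session rather than a single score: a session that is both from a new source and follows a failure burst, or that uses an account nobody expected to have admin rights, is the one to pull EPMM's own audit records for first.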

CVE-2026-0300 — Palo Alto PAN-OS Out-of-Bounds Write (Added 6 May 2026; No Patch)

The PAN-OS vulnerability resides in the User-ID Authentication Portal (Captive Portal) service of PA-Series and VM-Series firewalls. An unauthenticated attacker can achieve code execution by sending specially crafted packets. No official patch is currently available. Exploitation telemetry beyond the CISA KEV listing itself — including victim count, actor identity, and observed exploitation volume — has not been independently corroborated in this collection window.

FCEB remediation deadline: The KEV catalog entry currently lists no specific due date. Applying the standard BOD 22-01 14-day calculation from the 6 May addition date yields 20 May 2026 absent a CISA-issued override. Verify against the live KEV catalog entry.

Action — Defenders:

  1. Restrict User-ID Authentication Portal access to trusted zones only (Palo Alto Networks-recommended workaround per vendor advisory).
  2. If Captive Portal is not operationally required, disable it pending patch release.
  3. Monitor for crash dumps or unexpected reboots on perimeter firewalls; failed attempts against a memory-corruption bug of this class often surface as crashes of the affected service before a reliable exploit lands.

Story 2 — Microsoft Out-of-Band: ASP.NET Core Data Protection [ACTIONABLE]

(Note: The CVE associated with this story does not appear in the pre-gathered intelligence sweep for this brief. This story is carried forward on the basis of vendor advisory reporting only. Readers should verify the advisory directly at the Microsoft Security Response Center before operationalizing.)

A regression in Microsoft.AspNetCore.DataProtection NuGet packages causes the managed authenticated encryptor to compute its HMAC validation tag incorrectly, discarding the computed hash in some cases. The broken validation allows an attacker to forge payloads that pass authenticity checks and to decrypt previously-protected payloads in authentication cookies, antiforgery tokens, TempData, and OIDC state. Per Microsoft vendor guidance, the fix is available in the updated package version.

The critical remediation detail: an attacker who used a forged payload to authenticate as a privileged user during the vulnerable window may have caused the application to issue them legitimately protected tokens (session cookies, antiforgery tokens). Because those tokens were produced with the real key, they remain valid after the package upgrade unless the DataProtection key ring is separately rotated. This guidance is attributed to Microsoft vendor advisory documentation; the named program manager "Rahul Bhandari" appears in reporting on this advisory but cannot be independently verified against primary MSRC publication records available to this brief's collection process.

Action — Defenders:

  1. Update Microsoft.AspNetCore.DataProtection to the patched version per the MSRC advisory (verify current fixed version at microsoft.com/security).
  2. Redeploy the application.
  3. Rotate the DataProtection key ring; patching alone is insufficient. Caveat from how Data Protection key management behaves: generating a new key leaves earlier keys available for Unprotect, so tokens issued under a key that was active during the vulnerable window stay valid until that key is revoked (IKeyManager.RevokeKey or RevokeAllKeys). Rotation without revocation does not invalidate them.
  4. Audit privileged session activity from the vulnerable deployment window.
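The sequence the story describes (forgery accepted in the window, a genuine token issued, the token surviving the patch and surviving rotation, and only revocation killing it) can be walked through in a small model. The block below is an added example for this brief, not Microsoft's Data Protection implementation: it is a toy keyed-token scheme whose vulnerable unprotect computes the HMAC tag and then discards it, exactly the failure class the advisory describes, and whose key ring keeps older keys usable until revoked. Key ids, token layout and the use of HMAC-SHA256 are assumptions of the model.

```python
"""Toy model of an authenticated token scheme with a key ring, showing why the
ASP.NET Core Data Protection regression needs more than a package upgrade.

Added example; NOT Microsoft's Data Protection implementation, only a
simplified model of the failure class the brief describes (a validation tag
that is computed and then discarded) and of rotation versus revocation.
Key ids, the token layout and the HMAC-SHA256 tag are assumptions.
"""
import base64
import hashlib
import hmac
import json
import secrets


class KeyRing:
    """Keys stay usable for unprotect after rotation until explicitly revoked."""

    def __init__(self):
        self.keys = {}
        self.revoked = set()
        self.current = None

    def add_key(self):
        kid = f"k{len(self.keys) + 1}"
        self.keys[kid] = secrets.token_bytes(32)
        self.current = kid
        return kid

    def revoke(self, kid):
        self.revoked.add(kid)


def _tag(secret, kid, payload):
    return hmac.new(secret, kid.encode() + b"." + payload, hashlib.sha256).digest()


def _encode(kid, payload, tag):
    return ".".join(base64.urlsafe_b64encode(p).decode()
                    for p in (kid.encode(), payload, tag))


def _decode(token):
    kid, payload, tag = (base64.urlsafe_b64decode(p) for p in token.split("."))
    return kid.decode(), payload, tag


def protect(ring, data):
    """Legitimate issuance under the ring's current key."""
    payload = json.dumps(data, sort_keys=True).encode()
    return _encode(ring.current, payload, _tag(ring.keys[ring.current], ring.current, payload))


def unprotect_vulnerable(ring, token):
    """The regression: the tag is recomputed but never compared."""
    kid, payload, _tag_from_token = _decode(token)
    if kid not in ring.keys or kid in ring.revoked:
        return None
    _ = _tag(ring.keys[kid], kid, payload)  # result discarded, so a forgery passes
    return json.loads(payload)


def unprotect_fixed(ring, token):
    """Patched check: constant-time comparison of the recomputed tag."""
    kid, payload, tag = _decode(token)
    if kid not in ring.keys or kid in ring.revoked:
        return None
    if not hmac.compare_digest(_tag(ring.keys[kid], kid, payload), tag):
        return None
    return json.loads(payload)


def forge(kid, data):
    """Attacker payload that names a valid key id and carries a garbage tag."""
    return _encode(kid, json.dumps(data, sort_keys=True).encode(), b"\x00" * 32)


def scenario():
    ring = KeyRing()
    k1 = ring.add_key()
    claim = {"sub": "attacker", "role": "admin"}
    forged = forge(k1, claim)

    # 1. Vulnerable window: the forgery is accepted and the application issues a
    #    genuine token for the impersonated privileged user.
    accepted = unprotect_vulnerable(ring, forged)
    issued = protect(ring, dict(claim, sid="session-issued-in-window"))

    # 2. Package patched: the forgery is now rejected, the issued token still verifies.
    forged_after_patch = unprotect_fixed(ring, forged)
    issued_after_patch = unprotect_fixed(ring, issued)

    # 3. Rotation only: k1 is no longer current but still unprotects.
    ring.add_key()
    issued_after_rotate = unprotect_fixed(ring, issued)

    # 4. Revoking k1 finally invalidates everything protected under it.
    ring.revoke(k1)
    issued_after_revoke = unprotect_fixed(ring, issued)

    return {
        "forged_accepted_in_window": accepted is not None,
        "forged_after_patch": forged_after_patch,
        "issued_after_patch": issued_after_patch,
        "issued_after_rotate": issued_after_rotate,
        "issued_after_revoke": issued_after_revoke,
    }


if __name__ == "__main__":
    for step, result in scenario().items():
        print(f"{step}: {result}")
```

Step 3 is the one that matters operationally: adding a new key is what most teams mean by "rotate", and it changes nothing for tokens already protected under the old key. Step 4 is the action that closes the window, and it also logs every legitimate user out, which is the cost to plan for.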

Forward look: References in some reporting to "Bluehammer-family exploits (RedSun, UnDefend)" and a prior "CVE-2026-33825" in connection with the 12 May Patch Tuesday cycle could not be corroborated against any MSRC advisory, named researcher publication, or Tier 1–3 outlet in this collection window. (Unverified — single-source gap-fill research; these named exploit families and CVE are excluded from analytical judgments in this brief and flagged here for transparency only.)


Story 3 — ShinyHunters / Instructure Canvas: 48 Hours to Attacker-Stated Leak Deadline

Instructure confirmed on the company status page that Canvas, Canvas Beta, and Canvas Test were placed in maintenance mode on 7 May 2026. The vendor stated it revoked privileged credentials and access tokens, deployed patches, rotated certain keys, and increased monitoring. Exposed data per the vendor: names, email addresses, student ID numbers, and user messages; the vendor stated at time of disclosure that there was no evidence of passwords, dates of birth, government identifiers, or financial data being involved.

Attacker claims: ShinyHunters claimed the breach and asserted that nearly 9,000 schools worldwide were affected with "billions" of private messages accessed, per Associated Press reporting and WIRED reporting on Canvas portal defacements tied to a 12 May 2026 attacker-stated leak deadline. The 275 million record / 8,809 institution figures originate with the attacker and are not independently verified (contested — Instructure has not confirmed scope; attacker-issued figures in prior ShinyHunters campaigns have historically been inflated, though this pattern does not constitute verification that current figures are inaccurate).

Named sources in reporting: The CISO disclosure appeared on the Instructure status page. Associated Press reporting cited an analyst at Emsisoft characterizing ShinyHunters' claims; WIRED reported on the portal defacements and leak deadline. The specific named individuals attributed to these outlets — "Steve Proud" (Instructure CISO), "Luke Connolly" (Emsisoft), "Heather Hollingsworth" (AP), "Lily Hay Newman and Andy Greenberg" (WIRED) — appear in secondary reporting but cannot be independently verified against primary publication records available to this brief's collection process. (Single-source flag applies to all named-individual attributions in this story.)

Reported initial access vector: Multiple outlets reported that the attacker exploited Instructure's Free-For-Teacher (FFT) program, which permitted educator account creation without institutional verification, as the trust-boundary failure enabling access to institutional tenant data. (Per BleepingComputer and AP reporting; Instructure has not published a full root-cause analysis confirming this vector as of this collection window. Treat as reported, not confirmed.)

Instructure has permanently shut down the FFT program.

Threat actor profile: Mandiant reports activity consistent with prior ShinyHunters-branded extortion operations, characterized by credential-harvesting via fake company-branded login pages followed by data theft from cloud SaaS platforms. ShinyHunters attribution for this specific incident is attacker self-claim corroborated by Mandiant TTP pattern-matching; it is not independent forensic attribution.

Action — Affected institutions:

  1. Rotate Canvas API credentials and any LTI/integration keys.
  2. Enforce MFA on all administrative and faculty accounts.
  3. Brief faculty and students on Canvas-themed phishing — stolen data (names, emails, student IDs, message content) enables highly convincing spear-phishing.
  4. Sustain an elevated phishing-awareness posture for a minimum of 90 days regardless of the 12 May leak outcome; the data has already been exfiltrated.

Story 4 — GeoVision Physical Security Cluster: Five CVEs, No Patches

Five vulnerabilities published 4 May 2026 affect GeoVision video monitoring and license plate capture hardware. No vendor patches have been released. No public PoC code has been confirmed.

CVE                             | CVSS | Product                                  | Class
--------------------------------+------+------------------------------------------+------------------------------------------------------------------------
CVE-2026-42369                  | 10.0 | GV-VMS V20                               | Stack overflow, unauthenticated RCE via WebCam Server gvapi Authorization header
CVE-2026-42364                  | 9.9  | GV-LPC2011 / GV-LPC2211 (firmware 1.10)  | OS command injection via DdnsSetting.cgi
CVE-2026-42368                  | 9.9  | GV-LPC2011 / GV-LPC2211                  | Privilege escalation via web interface
CVE-2026-7161                   | 9.3  | GV-IP Device Utility                     | Insufficient encryption in device authentication
CVE-2026-42370 / CVE-2026-7372  | 9.0  | GV-VMS V20                               | WebCam Server login stack overflow

CVSS scores above are drawn from NIST NVD primary records published 4 May 2026 and should be verified at nvd.nist.gov before operationalizing. (The KEV catalog is not a CVSS source; for comparison, the KEV entry for CVE-2026-0300 carries "CVSS N/A".)

(Note: A claim that the GeoVision WebCam Server binary is compiled without ASLR appeared in the draft of this brief but could not be attributed to any named researcher, advisory, or published binary analysis in this collection window. That claim is excluded here pending sourced corroboration.)

Action — Defenders:

  1. Treat all listed GeoVision devices as untrusted and isolate from internet-facing networks immediately.
  2. Disable WebCam Server on GV-VMS where not operationally required.
  3. Restrict device management to dedicated VLANs with no internet path.
  4. Monitor for new vendor advisories — no patch ETA has been published.

Alternative Hypotheses

Alternative 1: The Ivanti EPMM exploitation is broader than "very limited." Ivanti's characterization is vendor self-reporting with an inherent incentive to minimize disclosed scope. Shadowserver's 800+ exposed-instance figure and the pattern of prior EPMM zero-day campaigns reaching significant victim counts before vendor disclosure suggest current scope may be undercounted. Assessment: Plausible but unverified. Accepting this alternative would not change KJ-2 (exploitation status confirmed) but would elevate operational urgency for all EPMM operators, not only those with confirmed indicators. Confidence impact on KJ-2: None on exploitation status; would shift urgency framing from "limited" to "broad."

Alternative 2: ShinyHunters' Instructure figures are accurate. The 275M / 8,809 figures are large but consistent with Canvas's published install base. Assessment: Possible. The figures remain attacker-sourced and Instructure has not confirmed them; treating them as verified would be premature. Confidence impact: Would move KJ-5 scope assessment from Low to Moderate if Instructure or an independent forensic firm corroborates.

Alternative 3: The LiteLLM exploitation activity is researcher scanning, not weaponization. The two source IPs and Python/aiohttp user agent are consistent with automated security research or bug-bounty scanning, not necessarily malicious credential extraction. The single-source nature of the Sysdig report means no independent telemetry has confirmed that the observed requests successfully exfiltrated data. Assessment: Plausible. If this alternative is correct, KJ-1 confidence would drop from Moderate to Low and the "active exploitation" characterization would require revision. Confidence impact: Would materially weaken KJ-1 if corroborated.

Alternative 4: CVE-2026-0300 exploitation is already commodified, not targeted. The KEV listing confirms exploitation but provides no actor characterization. Given the absence of a patch and the high value of perimeter firewall compromise, the vulnerability may already be in use by multiple actors across criminal and state-sponsored clusters rather than a single targeted campaign. Assessment: Plausible and consistent with the absence of any published attribution. Confidence impact: Would not change KJ-3 but would elevate urgency of the mitigation recommendation from "targeted threat" to "broad opportunistic threat."


Policy Implications


Intelligence Gaps and Collection Requirements

PIR-1. Identity and attribution of the threat actor exploiting CVE-2026-6973 against Ivanti EPMM — given that 2023 and 2025 EPMM zero-days were attributed to Chinese state-sponsored activity by Mandiant, is the current campaign continuity of that actor, opportunistic criminal exploitation, or a new cluster? Collection method: Mandiant/CrowdStrike incident response engagement reporting; CISA joint advisory if attribution is established.

PIR-2. Actual scope of the Instructure Canvas compromise — is the attacker's 275M record / 8,809 institution claim accurate, inflated, or understated? Collection method: OSINT monitoring of ShinyHunters leak site post-12 May; forensic findings from Instructure's engaged investigators if published.

PIR-3. Whether working exploit code for any of the five GeoVision CVEs is circulating in restricted exploit markets or private forums, given that no public PoC has been confirmed. Collection method: OSINT monitoring of exploit broker channels; Recorded Future / Flashpoint underground reporting.

PIR-4. Whether CVE-2026-0300 PAN-OS exploitation is being conducted by a single actor or has been commodified — the absence of a patch increases incentive for commodification. Collection method: GreyNoise mass-scan telemetry; honeypot deployment behind PAN-OS captive portals.

PIR-5. Independent corroboration of the LiteLLM exploitation IOCs (65.111.27.132, 65.111.25.67) and confirmation that observed requests resulted in successful data exfiltration rather than scanning activity. Collection method: GreyNoise and Shodan telemetry; additional vendor research team reporting; victim self-disclosure.

PIR-6. Verification of FCEB-specific remediation deadlines for CVE-2026-42208, CVE-2026-6973, and CVE-2026-0300 — all three KEV entries currently list no due date in the catalog. Collection method: Direct query of live CISA KEV catalog at cisa.gov/known-exploited-vulnerabilities-catalog; CISA emergency directive issuance monitoring.


What to Watch


Named Actors

Researchers and incident responders (all named-individual attributions below appear in secondary reporting and cannot be independently verified against primary publication records available to this brief's collection process — single-source flag applies):

Vendor / victim officials (same single-source caveat applies):

Organizations (verified against primary-tier sources):

Threat actors:


References

  1. Cybersecurity and Infrastructure Security Agency. (n.d.). Known exploited vulnerabilities catalog. Retrieved from https://www.cisa.gov/known-exploited-vulnerabilities-catalog

  2. National Institute of Standards and Technology, National Vulnerability Database. (n.d.). CVE-2026-42208 detail. Retrieved from https://nvd.nist.gov/vuln/detail/CVE-2026-42208

  3. BerriAI. (n.d.). LiteLLM security advisory GHSA-r75f-5x8p-qvmc. Retrieved from https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc

  4. Sysdig Threat Research Team. (n.d.). Sysdig blog. Retrieved from https://www.sysdig.com/blog/

  5. Ivanti. (n.d.). Security advisory: Ivanti Endpoint Manager Mobile (EPMM) — May 2026. Retrieved from https://www.ivanti.com/security-advisories

  6. Palo Alto Networks. (n.d.). Security advisory for CVE-2026-0300, PAN-OS User-ID authentication portal. Retrieved from https://security.paloaltonetworks.com/

  7. Microsoft Security Response Center. (n.d.). Vendor guidance on ASP.NET Core Data Protection regression and key-ring rotation requirement. Retrieved from https://msrc.microsoft.com/

  8. Instructure, Inc. (n.d.). Status page incident disclosure, 7–8 May 2026. Retrieved from https://status.instructure.com/

  9. Associated Press. (n.d.). Reporting on Instructure Canvas breach citing Emsisoft analyst. Retrieved from https://apnews.com/

  10. WIRED. (n.d.). Reporting on ShinyHunters extortion of Canvas portals and 12 May 2026 leak deadline. Retrieved from https://www.wired.com/

  11. Shadowserver Foundation. (n.d.). Internet-exposure scan data for Ivanti EPMM. Retrieved from https://www.shadowserver.org/

  12. National Institute of Standards and Technology, National Vulnerability Database. (2026). CVE-2026-42369 detail. Retrieved from https://nvd.nist.gov/vuln/detail/CVE-2026-42369

  13. National Institute of Standards and Technology, National Vulnerability Database. (n.d.). CVE-2026-42364 detail. Retrieved from https://nvd.nist.gov/vuln/detail/CVE-2026-42364

  14. National Institute of Standards and Technology, National Vulnerability Database. (n.d.). CVE-2026-42368 detail. Retrieved from https://nvd.nist.gov/vuln/detail/CVE-2026-42368

  15. National Institute of Standards and Technology, National Vulnerability Database. (n.d.). CVE-2026-7161 detail. Retrieved from https://nvd.nist.gov/vuln/detail/CVE-2026-7161

  16. National Institute of Standards and Technology, National Vulnerability Database. (n.d.). CVE-2026-42370 detail; CVE-2026-7372 detail. Retrieved from https://nvd.nist.gov/vuln/detail/CVE-2026-42370 | https://nvd.nist.gov/vuln/detail/CVE-2026-7372

  17. BleepingComputer. (n.d.). Reporting on CVE-2026-42208 KEV addition and exploitation. Retrieved from https://www.bleepingcomputer.com/

  18. Google Cloud, Mandiant. (n.d.). Threat-actor characterization of ShinyHunters extortion operations and prior EPMM campaign attribution. Retrieved from https://cloud.google.com/blog/topics/threat-intelligence

Confidence Note

High confidence:

  - Exploitation status of CVE-2026-42208, CVE-2026-6973 and CVE-2026-0300 (CISA KEV primary record; KJ-2, KJ-3).
  - Patch availability: LiteLLM 1.83.7 and EPMM 12.6.1.1 / 12.7.0.1 / 12.8.0.1 released; PAN-OS mitigation-only.
  - Occurrence of the Instructure Canvas breach (victim status-page disclosure; KJ-5).
  - Existence and NVD scoring of the five GeoVision CVEs (KJ-6).

Moderate confidence:

  - In-the-wild exploitation timing and IOCs for CVE-2026-42208 (KJ-1; single vendor source, Sysdig TRT).
  - Key-ring rotation requirement for the ASP.NET Core Data Protection regression (KJ-4; vendor guidance only, CVE absent from the intelligence sweep).
  - ShinyHunters attribution for the Instructure incident (KJ-5; attacker self-claim plus Mandiant TTP pattern-matching).

Low confidence / unverified:

  - Instructure breach scope (275M records / 8,809 institutions; attacker-claimed).
  - Actor attribution for the PAN-OS and EPMM exploitation (none published).
  - Outcome of the 12 May ShinyHunters deadline (leak versus payment).
  - All named-individual attributions in this brief (Michael Clark, Rahul Bhandari, Steve Proud, Luke Connolly, Heather Hollingsworth, Lily Hay Newman, Andy Greenberg), which appear only in secondary reporting.

Excluded from this brief (unverified, single-source gap-fill research without primary-source confirmation):

  - "Bluehammer-family exploits (RedSun, UnDefend)" and CVE-2026-33825 in connection with the 12 May Patch Tuesday cycle.
  - The claim that the GeoVision WebCam Server binary is compiled without ASLR.

Key unresolved gaps that would shift confidence levels:

  - Independent corroboration or refutation of the Sysdig LiteLLM IOCs and of successful exfiltration, which would move KJ-1 to High or to Low (PIR-5).
  - Instructure or forensic-firm confirmation of scope, which would move the KJ-5 scope assessment from Low to Moderate (PIR-2).
  - Attribution for the EPMM campaign from incident-response reporting or a CISA joint advisory (PIR-1).
  - Live KEV catalog due dates for the three May additions (PIR-6).